Forum: add remove_xss

pull/3937/head^2
Julio Montoya 4 years ago
parent c7bf620fb3
commit 0d8c731a97
  1. 6
      main/forum/viewforum.php
  2. 16
      main/forum/viewforumcategory.php
  3. 21
      main/template/default/forum/list.tpl

@ -140,7 +140,7 @@ if (!empty($groupId)) {
$interbreadcrumb[] = [ $interbreadcrumb[] = [
'url' => $forumUrl.'viewforumcategory.php?forumcategory='.$current_forum_category['cat_id'] 'url' => $forumUrl.'viewforumcategory.php?forumcategory='.$current_forum_category['cat_id']
.'&search='.Security::remove_XSS(urlencode($my_search)), .'&search='.Security::remove_XSS(urlencode($my_search)),
'name' => prepare4display($current_forum_category['cat_title']), 'name' => Security::remove_XSS(prepare4display($current_forum_category['cat_title'])),
]; ];
$interbreadcrumb[] = [ $interbreadcrumb[] = [
'url' => '#', 'url' => '#',
@ -375,7 +375,7 @@ if (api_is_allowed_to_edit(false, true) ||
echo '</div>'; echo '</div>';
/* Display */ /* Display */
$titleForum = $current_forum['forum_title']; $titleForum = Security::remove_XSS($current_forum['forum_title']);
$descriptionForum = $current_forum['forum_comment']; $descriptionForum = $current_forum['forum_comment'];
$iconForum = Display::return_icon( $iconForum = Display::return_icon(
'forum_yellow.png', 'forum_yellow.png',
@ -440,7 +440,7 @@ if (is_array($threads)) {
$linkPostForum = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.$my_forum $linkPostForum = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.$my_forum
."&thread={$row['thread_id']}&search=" ."&thread={$row['thread_id']}&search="
.Security::remove_XSS(urlencode($my_search)).'">' .Security::remove_XSS(urlencode($my_search)).'">'
.$row['thread_title'].'</a>'; .Security::remove_XSS($row['thread_title']).'</a>';
$html = ''; $html = '';
$html .= '<div class="panel panel-default forum '.($row['thread_sticky'] ? 'sticky' : '').'">'; $html .= '<div class="panel panel-default forum '.($row['thread_sticky'] ? 'sticky' : '').'">';
$html .= '<div class="panel-body">'; $html .= '<div class="panel-body">';
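Review bot: In the second hunk `$titleForum` is now wrapped in `Security::remove_XSS(...)`, but `$descriptionForum = $current_forum['forum_comment'];` directly below it is still assigned raw, even though this same commit filters `forum_comment` in viewforumcategory.php and `subitem.description` in list.tpl. Unless the description is escaped at the point where it is rendered further down the file (not visible here), it should get the same treatment: `$descriptionForum = Security::remove_XSS($current_forum['forum_comment']);`. A one-line comment above these two assignments, e.g. `// forum_title/forum_comment are author-supplied HTML; filter before output`, would make the rule obvious for the next field that gets added.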

@ -126,8 +126,6 @@ echo $html;
$logInfo = [ $logInfo = [
'tool' => TOOL_FORUM, 'tool' => TOOL_FORUM,
'tool_id' => 0,
'tool_id_detail' => 0,
'action' => $action, 'action' => $action,
'info' => isset($_GET['content']) ? $_GET['content'] : '', 'info' => isset($_GET['content']) ? $_GET['content'] : '',
]; ];
@ -181,7 +179,7 @@ if ($action != 'add') {
$forum_categories_list = []; $forum_categories_list = [];
$forumId = $forum_category['cat_id']; $forumId = $forum_category['cat_id'];
$forumTitle = $forum_category['cat_title']; $forumTitle = Security::remove_XSS($forum_category['cat_title']);
$linkForumCategory = 'viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.strval(intval($forumId)); $linkForumCategory = 'viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.strval(intval($forumId));
$descriptionCategory = $forum_category['cat_comment']; $descriptionCategory = $forum_category['cat_comment'];
$icoCategory = Display::return_icon( $icoCategory = Display::return_icon(
@ -271,15 +269,12 @@ if ($action != 'add') {
// you are teacher => show forum // you are teacher => show forum
if (api_is_allowed_to_edit(false, true)) { if (api_is_allowed_to_edit(false, true)) {
//echo 'teacher';
$show_forum = true; $show_forum = true;
} else { } else {
// you are not a teacher // you are not a teacher
//echo 'student';
// it is not a group forum => show forum // it is not a group forum => show forum
// (invisible forums are already left out see get_forums function) // (invisible forums are already left out see get_forums function)
if ($forum['forum_of_group'] == '0') { if ($forum['forum_of_group'] == '0') {
//echo '-gewoon forum';
$show_forum = true; $show_forum = true;
} else { } else {
// it is a group forum // it is a group forum
@ -287,16 +282,13 @@ if ($action != 'add') {
// it is a group forum but it is public => show // it is a group forum but it is public => show
if ($forum['forum_group_public_private'] == 'public') { if ($forum['forum_group_public_private'] == 'public') {
$show_forum = true; $show_forum = true;
//echo '-publiek';
} else { } else {
// it is a group forum and it is private // it is a group forum and it is private
//echo '-prive'; //echo '-prive';
// it is a group forum and it is private but the user is member of the group // it is a group forum and it is private but the user is member of the group
if (in_array($forum['forum_of_group'], $groups_of_user)) { if (in_array($forum['forum_of_group'], $groups_of_user)) {
//echo '-is lid';
$show_forum = true; $show_forum = true;
} else { } else {
//echo '-is GEEN lid';
$show_forum = false; $show_forum = false;
} }
} }
@ -360,14 +352,14 @@ if ($action != 'add') {
$html .= '<div class="col-md-9">'; $html .= '<div class="col-md-9">';
$iconForum = Display::return_icon( $iconForum = Display::return_icon(
'forum_yellow.png', 'forum_yellow.png',
get_lang($forum_category['cat_title']), Security::remove_XSS(get_lang($forum_category['cat_title'])),
null, null,
ICON_SIZE_MEDIUM ICON_SIZE_MEDIUM
); );
$linkForum = Display::tag( $linkForum = Display::tag(
'a', 'a',
$forum['forum_title'].$session_displayed, Security::remove_XSS($forum['forum_title']).$session_displayed,
[ [
'href' => 'viewforum.php?'.api_get_cidreq(true, false)."&gidReq={$forum['forum_of_group']}&forum={$forum['forum_id']}&search=".Security::remove_XSS(urlencode(isset($_GET['search']) ? $_GET['search'] : '')), 'href' => 'viewforum.php?'.api_get_cidreq(true, false)."&gidReq={$forum['forum_of_group']}&forum={$forum['forum_id']}&search=".Security::remove_XSS(urlencode(isset($_GET['search']) ? $_GET['search'] : '')),
'class' => empty($forum['visibility']) ? 'text-muted' : null, 'class' => empty($forum['visibility']) ? 'text-muted' : null,
@ -382,7 +374,7 @@ if ($action != 'add') {
); );
$html .= Display::tag( $html .= Display::tag(
'p', 'p',
strip_tags($forum['forum_comment']), Security::remove_XSS(strip_tags($forum['forum_comment'])),
[ [
'class' => 'description', 'class' => 'description',
] ]
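Review bot: In the `@ -181,7` hunk `$forumTitle` is now filtered, but `$descriptionCategory = $forum_category['cat_comment'];` two lines below is still taken raw, while the last hunk wraps the forum comment as `Security::remove_XSS(strip_tags($forum['forum_comment']))`. If `$descriptionCategory` is echoed later without escaping (that code is outside this view), it should become `$descriptionCategory = Security::remove_XSS($forum_category['cat_comment']);` so category and forum descriptions are handled alike. The two treatments also differ (`strip_tags` plus `remove_XSS` for forum comments, `remove_XSS` alone for titles and category fields); a short comment stating which fields may keep markup would make the intended policy explicit rather than implied by the call shape.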

@ -47,7 +47,7 @@
{% if fold_forum_categories %} {% if fold_forum_categories %}
{% set panel_icon %} {% set panel_icon %}
<a href="{{ item.url }}" title="{{ item.title }}"> <a href="{{ item.url }}" title="{{ item.title | remove_xss }}">
<span class="open">{{ 'forum_blue.png'|img(32) }}</span> <span class="open">{{ 'forum_blue.png'|img(32) }}</span>
</a> </a>
{% endset %} {% endset %}
@ -62,7 +62,8 @@
{% set panel_title %} {% set panel_title %}
<a href="{{ item.url }}" title="{{ item.title }}"> <a href="{{ item.url }}" title="{{ item.title }}">
<span class="open">{{ 'forum_blue.png'|img(32) }}</span> <span class="open">{{ 'forum_blue.png'|img(32) }}</span>
{{ item.title }}{{ item.icon_session }} {{ item.title | remove_xss }}
{{ item.icon_session }}
</a> </a>
{% for category_language_item in category_language_array %} {% for category_language_item in category_language_array %}
<span class="flag-icon flag-icon-{{ languages[category_language_item | lower] }}"></span> <span class="flag-icon flag-icon-{{ languages[category_language_item | lower] }}"></span>
@ -106,7 +107,13 @@
</div> </div>
<h3 class="title"> <h3 class="title">
{{ 'forum_yellow.png'|img(32) }} {{ 'forum_yellow.png'|img(32) }}
<a href="{{ subitem.url }}" title="{{ subitem.title }}" class="{{ subitem.visibility != '1' ? 'text-muted': '' }}">{{ subitem.title }}</a> <a
href="{{ subitem.url }}"
title="{{ subitem.title | remove_xss }}"
class="{{ subitem.visibility != '1' ? 'text-muted': '' }}"
>
{{ subitem.title | remove_xss }}
</a>
{% if subitem.forum_of_group != 0 %} {% if subitem.forum_of_group != 0 %}
<a class="forum-goto" href="../group/group_space.php?{{ _p.web_cid_query }}&gidReq={{ subitem.forum_of_group }}"> <a class="forum-goto" href="../group/group_space.php?{{ _p.web_cid_query }}&gidReq={{ subitem.forum_of_group }}">
{{ "forum.png"|img(22) }} {{ "GoTo"|get_lang }} {{ subitem.forum_group_title }} {{ "forum.png"|img(22) }} {{ "GoTo"|get_lang }} {{ subitem.forum_group_title }}
@ -124,16 +131,16 @@
</div> </div>
{% endif %} {% endif %}
<div class="description"> <div class="description">
{{ subitem.description }} {{ subitem.description | remove_xss }}
</div> </div>
{{ subitem.last_post_text }} {{ subitem.last_post_text }}
{{ subitem.alert }} {{ subitem.alert }}
{% if subitem.moderation is not empty %} {% if subitem.moderation is not empty %}
<span class="label label-warning"> <span class="label label-warning">
{{ "PostsPendingModeration"|get_lang }}: {{ subitem.moderation }} {{ "PostsPendingModeration"|get_lang }}: {{ subitem.moderation }}
</span> </span>
{% endif %} {% endif %}
</div> </div>
</div> </div>
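Review bot: `title="{{ item.title | remove_xss }}"` in the first hunk and `title="{{ subitem.title | remove_xss }}"` in the third put an HTML-sanitised fragment into a quoted attribute, which is the wrong escaping for that context: a sanitiser that leaves `"` or `'` intact can still terminate the attribute, so the attribute positions want attribute escaping (`title="{{ item.title | e('html_attr') }}"`) with `remove_xss` kept for the element-body occurrences. If the `remove_xss` filter is registered as HTML-safe it also bypasses Twig's autoescape, which would leave those attributes with no escaping at all — worth confirming in the Twig extension that defines it. The second hunk leaves `title="{{ item.title }}"` unchanged while filtering the same title in the body on the next line; whichever rule is chosen should apply to both occurrences.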
